The IEEE Center for Secure Design initiative released a new guidance document for software architects this week. The document spells out the 10 common design flaws in a straightforward manner, each with a lengthy explainer of inherent weaknesses in each area. Twitter and Google have already used the guidance to build an internal version for its software architects with examples from its code base. Google and Twitter have already made real-world use of the advice in the doc. The 10, in no particular order, are: Earn or give, but never assume, trust or use authentication mechanisms that cannot be bypassed or tampered with.
Source: https://threatpost.com/ieee-guides-software-architects-toward-secure-software-design/107965/